Exemple #1
0
 public string GetFromUserName(DatabaseConnection dbConn)
 {
     if (string.IsNullOrEmpty(InboxFromUserName))
     {
         if (InboxFromUserID.Equals(0))
         {
             return("SYSTEM");
         }
         EUser user = new EUser();
         user.UserID = InboxFromUserID;
         if (EUser.db.select(dbConn, user))
         {
             if (string.IsNullOrEmpty(user.UserName))
             {
                 return(user.LoginID);
             }
             else
             {
                 return(user.UserName);
             }
         }
         else
         {
             return(InboxFromUserID.ToString());
         }
     }
     else
     {
         return(InboxFromUserName);
     }
 }
Exemple #2
0
 public static EUser GetObject(DatabaseConnection dbConn, object ID)
 {
     if (ID is int)
     {
         EUser obj = new EUser();
         obj.UserID = (int)ID;
         if (db.select(dbConn, obj))
         {
             return(obj);
         }
     }
     return(null);
 }
Exemple #3
0
    protected void Page_Init(object sender, EventArgs e)
    {
        Session["LastURL"] = Request.Url.PathAndQuery;

        user = WebUtils.GetCurUser(Session);
        //WebUtils.SetSessionLanguage(Session, user);

        lblVersionNo.Text = ProductVersion.CURRENT_PROGRAM_VERSION;

        HROne.ProductLicense productLicense = WebUtils.productLicense(Session);

        if (productLicense != null && productLicense.ProductType == HROne.ProductLicense.ProductLicenseType.iMGR)
        {
            Page.Title = "iMGR";
            lblCopyrightCompanyName.Text = "iGlobe Technology Limited";
        }
    }
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Application["MasterDBConfig"] != null)
        {
            masterDBConn = ((DatabaseConfig)Application["MasterDBConfig"]).CreateDatabaseConnectionObject();
        }
        else
        {
            Response.Redirect("~/AccessDeny.aspx");
        }

        IsAllowEdit = WebUtils.CheckPermission(Session, FUNCTION_CODE, WebUtils.AccessLevel.ReadWrite);

        if (Session["CompanyDBID"] != null)
        {
            CurID = (int)Session["CompanyDBID"];
        }
        CompanyDBID.Value = CurID.ToString();


        sbinding = new SearchBinding(masterDBConn, sdb);
        sbinding.initValues("HSBCExchangeProfileID", null, EHSBCExchangeProfile.VLRemoteProfileList, ci);
        sbinding.init(DecryptedRequest, null);

        info = ListFooter.ListInfo;


        string tmpDateTimeString = ESystemParameter.getParameter(masterDBConn, ESystemParameter.PARAM_CODE_BANKFILE_LAST_CANCEL_TIME);

        if (!DateTime.TryParseExact(tmpDateTimeString, "HH:mm", null, System.Globalization.DateTimeStyles.None, out bankFileLastCancelTime))
        {
            bankFileLastCancelTime = new DateTime();
        }


        currentUser = WebUtils.GetCurUser(Session);
        if (currentUser != null)
        {
            DBFilter signatureFilter = new DBFilter();
            signatureFilter.add(new Match("UserID", currentUser.UserID));
            if (HROne.Lib.Entities.EeChannelAuthorizedSignature.db.count(dbConn, signatureFilter) > 0)
            {
                isAuthorizer = true;
            }
        }
    }
Exemple #5
0
        public bool IsAllowSubmitPermission(DatabaseConnection dbConn, int ActiveUserID)
        {
            DBFilter filter = new DBFilter();

            filter.add(new Match("UserID", m_UserID));

            ArrayList userGroupPermissionList = new ArrayList();
            {
                ArrayList userGroupAccessList = EUserGroupAccess.db.select(dbConn, filter);
                foreach (EUserGroupAccess userGroupAccess in userGroupAccessList)
                {
                    userGroupPermissionList.Add(userGroupAccess.UserGroupID);
                }
            }

            ArrayList companyPermissionList = new ArrayList();
            {
                ArrayList userCompanyList = EUserCompany.db.select(dbConn, filter);
                foreach (EUserCompany userCompany in userCompanyList)
                {
                    companyPermissionList.Add(userCompany.CompanyID);
                }
            }

            ArrayList rankPermissionList = new ArrayList();
            {
                ArrayList userRankList = EUserRank.db.select(dbConn, filter);
                foreach (EUserRank userRank in userRankList)
                {
                    rankPermissionList.Add(userRank.RankID);
                }
            }
            // Start 0000069, KuangWei, 2014-08-26
            ArrayList payrollGroupPermissionList = new ArrayList();

            {
                ArrayList payrollGroupUsersList = EPayrollGroupUsers.db.select(dbConn, filter);
                foreach (EPayrollGroupUsers payrollGroupUsers in payrollGroupUsersList)
                {
                    payrollGroupPermissionList.Add(payrollGroupUsers.PayGroupID);
                }
            }
            return(EUser.IsAllowSubmitPermission(dbConn, ActiveUserID, companyPermissionList, userGroupPermissionList, rankPermissionList, payrollGroupPermissionList));
            // End 0000069, KuangWei, 2014-08-26
        }
    protected void ResetLoginIDPasswordWithRandomKey(ECompanyDatabase obj, bool skipResetLoginID)
    {
        DatabaseConnection companyDBConn;

        try
        {
            companyDBConn = new DatabaseConnection(obj.getConnectionString(dbConn), DatabaseConnection.DatabaseType.MSSQL);
        }
        catch (Exception ex)
        {
            throw new Exception("Fail to connect to database");
        }


        HROne.Lib.Entities.EUser user = new HROne.Lib.Entities.EUser();
        user.UserID = 1;
        if (HROne.Lib.Entities.EUser.db.select(companyDBConn, user))
        {
            string randomPharse = RandomString(16);
            if (!skipResetLoginID)
            {
                obj.CompanyDBResetDefaultUserLoginID = randomPharse.Substring(0, 8);
            }
            else
            {
                obj.CompanyDBResetDefaultUserLoginID = user.LoginID;
            }
            obj.CompanyDBResetDefaultUserPassword = randomPharse.Substring(8);

            user.LoginID            = obj.CompanyDBResetDefaultUserLoginID;
            user.UserPassword       = HROne.CommonLib.Hash.PasswordHash(obj.CompanyDBResetDefaultUserPassword);
            user.UserAccountStatus  = "A";
            user.UserChangePassword = true;
            user.FailCount          = 0;
            HROne.Lib.Entities.EUser.db.update(companyDBConn, user);

            DBFilter SystemFunctionFilter = new DBFilter();
            SystemFunctionFilter.add(new IN("FunctionCode", "'SEC001', 'SEC002'", null));
            ArrayList systemFunctionList = HROne.Lib.Entities.ESystemFunction.db.select(companyDBConn, SystemFunctionFilter);
            foreach (HROne.Lib.Entities.ESystemFunction function in systemFunctionList)
            {
                DBFilter userGroupFunctionFilter = new DBFilter();
                userGroupFunctionFilter.add(new Match("FunctionID", function.FunctionID));
                userGroupFunctionFilter.add(new Match("FunctionAllowWrite", true));

                DBFilter userGroupAccessFilter = new DBFilter();
                userGroupAccessFilter.add(new Match("UserID", user.UserID));
                userGroupAccessFilter.add(new IN("UserGroupID", "SELECT ugf.UserGroupID FROM " + HROne.Lib.Entities.EUserGroupFunction.db.dbclass.tableName + " ugf", userGroupFunctionFilter));
                if (HROne.Lib.Entities.EUserGroupAccess.db.count(companyDBConn, userGroupAccessFilter) <= 0)
                {
                    ArrayList UserGroupFunctionList = HROne.Lib.Entities.EUserGroupFunction.db.select(companyDBConn, userGroupFunctionFilter);
                    if (UserGroupFunctionList.Count > 0)
                    {
                        HROne.Lib.Entities.EUserGroupAccess access = new HROne.Lib.Entities.EUserGroupAccess();
                        access.UserID      = user.UserID;
                        access.UserGroupID = ((HROne.Lib.Entities.EUserGroupFunction)UserGroupFunctionList[0]).UserGroupID;
                        HROne.Lib.Entities.EUserGroupAccess.db.insert(companyDBConn, access);
                    }
                }
            }

            ECompanyDatabase.db.update(dbConn, obj);
        }
        else
        {
            throw new Exception("Default User does not appear on company database");
        }
    }
Exemple #7
0
        public string GetLogText(DatabaseConnection dbConn, string EmpNoFilter, bool ShowHeaderOnly, bool ShowKeyIDOnly, bool DoNotConvertID)
        {
            StringBuilder logTextBuilder  = new StringBuilder();
            bool          skipGenerateLog = false;

            DBFilter auditTrailDetailFilter = new DBFilter();

            auditTrailDetailFilter.add(new Match("AuditTrailID", this.AuditTrailID));
            ArrayList auditTrailDetailList = EAuditTrailDetail.db.select(dbConn, auditTrailDetailFilter);

            int empID = this.EmpID;

            if (!string.IsNullOrEmpty(EmpNoFilter.Trim()))
            {
                if (empID.Equals(0))
                {
                    foreach (EAuditTrailDetail auditTrailDetail in auditTrailDetailList)
                    {
                        string tmpRemark = auditTrailDetail.Remark.Replace(" ", "");
                        int    pos       = tmpRemark.IndexOf("\nEmpID=", StringComparison.CurrentCultureIgnoreCase);
                        if (pos >= 0)
                        {
                            string empIDString = tmpRemark.Substring(pos + 1, tmpRemark.IndexOf("\n", pos + 1) - pos);
                            empID = int.Parse(empIDString.Substring(empIDString.IndexOf("=") + 1));
                        }
                    }
                }
                EEmpPersonalInfo empInfo = new EEmpPersonalInfo();
                empInfo.EmpID = empID;
                if (EEmpPersonalInfo.db.select(dbConn, empInfo))
                {
                    if (empInfo.EmpNo.IndexOf(EmpNoFilter.Trim(), StringComparison.CurrentCultureIgnoreCase) < 0)
                    {
                        skipGenerateLog = true;
                    }
                }
                else
                {
                    skipGenerateLog = true;
                }
            }
            if (!skipGenerateLog)
            {
                ESystemFunction function = new ESystemFunction();
                function.FunctionID = this.FunctionID;
                if (ESystemFunction.db.select(dbConn, function))
                {
                    logTextBuilder.AppendLine(string.Empty.PadLeft(78, '-'));
                    EUser user = new EUser();
                    user.UserID = this.UserID;
                    if (EUser.db.select(dbConn, user))
                    {
                        logTextBuilder.AppendLine("User     : \t" + user.LoginID + " - " + user.UserName);
                    }
                    else if (this.UserID.Equals(0))
                    {
                        logTextBuilder.AppendLine("User     : \t" + "System");
                    }
                    else
                    {
                        logTextBuilder.AppendLine("User     : \t" + this.UserID + " (Unknown)");
                    }

                    logTextBuilder.AppendLine("Function : \t" + function.FunctionCode + " - " + function.Description);
                    logTextBuilder.AppendLine("Date/Time: \t" + this.CreateDate.ToString("yyyy-MM-dd HH:mm:ss"));

                    if (!this.EmpID.Equals(0))
                    {
                        EEmpPersonalInfo empInfo = new EEmpPersonalInfo();
                        empInfo.EmpID = this.EmpID;
                        if (EEmpPersonalInfo.db.select(dbConn, empInfo))
                        {
                            logTextBuilder.AppendLine("Employee : \t" + empInfo.EmpNo + " - " + empInfo.EmpEngFullName);
                        }
                    }

                    logTextBuilder.AppendLine(string.Empty.PadLeft(78, '-'));

                    if (!ShowHeaderOnly)
                    {
                        foreach (EAuditTrailDetail auditTrailDetail in auditTrailDetailList)
                        {
                            if ((auditTrailDetail.Remark.Replace(" ", "").IndexOf("EmpID=" + empID, StringComparison.CurrentCultureIgnoreCase) >= 0 || this.EmpID.Equals(empID)) && !string.IsNullOrEmpty(EmpNoFilter.Trim()) || string.IsNullOrEmpty(EmpNoFilter.Trim()))
                            {
                                logTextBuilder.Append(auditTrailDetail.GetLogText(dbConn, ShowKeyIDOnly, DoNotConvertID));
                            }
                        }
                    }
                }
                //logTextBuilder.AppendLine(string.Empty);
            }
            return(logTextBuilder.ToString());
        }
Exemple #8
0
    //public bool ValidateUser(string username, string encryptedPassword)
    //{
    //    string message = string.Empty;
    //    DBFilter filter = new DBFilter();
    //    filter.add(new Match("LoginID", username));
    //    filter.add(new Match("UserAccountStatus", "<>", "D"));
    //    ArrayList list = EUser.db.select(dbConn, filter);
    //    if (list.Count == 0)
    //    {
    //        message = "Invalid User Name or Password";
    //        throw new Exception(message);
    //        return;
    //    }
    //    EUser user = (EUser)list[0];
    //    if (user.UserPassword == null)
    //        user.UserPassword = "";
    //    if (!(user.UserAccountStatus == "A"))
    //    {
    //        message = "Account is Inactive/Locked";
    //        throw new Exception(message);
    //        return;
    //    }

    //    if (!user.UserPassword.Equals(encryptedPassword))
    //    {
    //        message = "Invalid User Name or Password";
    //        user.FailCount++;
    //        string maxFailCountParameterString = ESystemParameter.getParameter(ESystemParameter.PARAM_CODE_LOGIN_MAX_FAIL_COUNT);
    //        if (!maxFailCountParameterString.Equals(string.Empty))
    //        {
    //            int MaxFailCount = 0;
    //            if (int.TryParse(maxFailCountParameterString, out MaxFailCount))
    //                if (MaxFailCount > 0)
    //                    if (user.FailCount >= MaxFailCount)
    //                    {
    //                        user.UserAccountStatus = "I";
    //                        user.FailCount = 0;
    //                    }
    //                    else if (user.FailCount - MaxFailCount == 1)
    //                    {
    //                        message += "\r\n" + "The account will be locked if you fail to login 1 more time";
    //                    }

    //        }
    //        EUser.db.update(dbConn, user);
    //        throw new Exception(message);
    //        return;
    //    }

    //    Session["User"] = user;

    //    WebUtils.SetSessionLanguage(Session, user);

    //    user.FailCount = 0;
    //    EUser.db.update(dbConn, user);
    //    //WebUtils.RefreshPermission(Session);
    //    bool isForceChangePassword = false;

    //    if (user.UserChangePasswordUnit == "D")
    //    {
    //        if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddDays(user.UserChangePasswordPeriod))
    //            isForceChangePassword = false;
    //        else
    //            isForceChangePassword = true;
    //    }
    //    else if (user.UserChangePasswordUnit == "M")
    //    {
    //        if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddMonths(user.UserChangePasswordPeriod))
    //            isForceChangePassword = false;
    //        else
    //            isForceChangePassword = true;
    //    }
    //    else if (user.UserChangePasswordUnit == "Y")
    //    {
    //        if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddYears(user.UserChangePasswordPeriod))
    //            isForceChangePassword = false;
    //        else
    //            isForceChangePassword = true;
    //    }
    //    else
    //        isForceChangePassword = false;
    //    if (user.UserChangePassword)
    //        isForceChangePassword = true;

    //    //EInbox.GenerateInboxMessage(user.UserID);
    //    if (isForceChangePassword)
    //        Session["ForceChangePassword"] = true;
    //    if (Session["LastURL"] != null)
    //        Response.Redirect(Session["LastURL"].ToString());
    //    else
    //        HROne.Common.WebUtility.RedirectURLwithEncryptedQueryString(Response, Session, "Emp_List.aspx");

    //}

    protected void Login_Click(object sender, EventArgs e)
    {
        HROne.Lib.Entities.EUser user = null;

        Session.Clear();

        HROne.DataAccess.DatabaseConnection  mainDBConn = null;
        HROne.SaaS.Entities.ECompanyDatabase companyDB  = null;
        bool   hasError = false;
        string message  = string.Empty;

        // always check whether companyDB exists after click
        if (Application["MasterDBConfig"] != null)
        {
            DatabaseConfig masterDBConfig = (DatabaseConfig)Application["MasterDBConfig"];
            HROne.DataAccess.DatabaseConnection masterDBConn = masterDBConfig.CreateDatabaseConnectionObject();
            DBFilter companyDatabaseFilter = new DBFilter();
            companyDatabaseFilter.add(new Match("CompanyDBClientCode", txtCustomerID.Text));
            ArrayList companyDatabaseList = HROne.SaaS.Entities.ECompanyDatabase.db.select(masterDBConn, companyDatabaseFilter);
            if (companyDatabaseList.Count > 0)
            {
                companyDB = (HROne.SaaS.Entities.ECompanyDatabase)companyDatabaseList[0];

                DatabaseConfig tempDBConfig = new DatabaseConfig();
                tempDBConfig.ConnectionString = companyDB.getConnectionString(masterDBConn);
                tempDBConfig.DBType           = WebUtils.DBTypeEmun.MSSQL;

                if (tempDBConfig.TestConnection())
                {
                    mainDBConn = tempDBConfig.CreateDatabaseConnectionObject();

                    HROne.Lib.Entities.ESystemParameter.setParameter(mainDBConn, HROne.Lib.Entities.ESystemParameter.PARAM_CODE_PRODUCTKEY, companyDB.CompanyDBProductKey);
                    HROne.Lib.Entities.ESystemParameter.setParameter(mainDBConn, HROne.Lib.Entities.ESystemParameter.PARAM_CODE_PRODUCTFEATURECODE, companyDB.getProductFeatureCode(masterDBConn));

                    string[] smtpParameterList = new string[]
                    {
                        HROne.Lib.Entities.ESystemParameter.PARAM_CODE_SMTP_SERVER_NAME,
                        HROne.Lib.Entities.ESystemParameter.PARAM_CODE_SMTP_PORT,
                        HROne.Lib.Entities.ESystemParameter.PARAM_CODE_SMTP_USERNAME,
                        HROne.Lib.Entities.ESystemParameter.PARAM_CODE_SMTP_ENABLE_SSL,
                        HROne.Lib.Entities.ESystemParameter.PARAM_CODE_SMTP_SMTP_OUTGOING_EMAIL_ADDRESS
                    };
                    foreach (string smptParameter in smtpParameterList)
                    {
                        HROne.Lib.Entities.ESystemParameter.setParameter(mainDBConn, smptParameter, HROne.SaaS.Entities.ESystemParameter.getParameter(masterDBConn, smptParameter));
                    }
                    HROne.Lib.Entities.ESystemParameter.setParameterWithEncryption(mainDBConn, HROne.Lib.Entities.ESystemParameter.PARAM_CODE_SMTP_PASSWORD
                                                                                   , HROne.SaaS.Entities.ESystemParameter.getParameterWithEncryption(masterDBConn, HROne.SaaS.Entities.ESystemParameter.PARAM_CODE_SMTP_PASSWORD));
                }
                else
                {
                    if (HROne.DataAccess.DBAESEncryptStringFieldAttribute.InvalidRSAKey)
                    {
                        HttpRuntime.UnloadAppDomain();
                    }
                }
            }
        }
        else
        {
            mainDBConn = WebUtils.GetDatabaseConnection();
            if (mainDBConn == null)
            {
                if (multiDBRow.Visible)
                {
                    int idx;
                    if (int.TryParse(cboDatabase.SelectedValue, out idx))
                    {
                        HROneConfig    config   = HROneConfig.GetCurrentHROneConfig();
                        DatabaseConfig dbconfig = config.DatabaseConfigList[idx];
                        if (dbconfig.TestConnection())
                        {
                            mainDBConn = dbconfig.CreateDatabaseConnectionObject();
                        }
                        else
                        {
                            ScriptManager.RegisterStartupScript(this, this.GetType(), "errorMessage", "alert(\"Fail to connect database\");", true);
                            return;
                        }
                    }
                }
            }
        }
        if (mainDBConn != null)
        {
            WebUtils.SetSessionDatabaseConnection(Session, mainDBConn);
        }

        HROne.ProductLicense productLicense = WebUtils.productLicense(Session);
        if (productLicense != null)
        {
            if (companyDB == null && productLicense.ProductType == HROne.ProductLicense.ProductLicenseType.HROneSaaS)
            {
                productLicense.LoadProductKey(string.Empty);
            }
        }

        if (mainDBConn == null && companyDB != null)
        {
            hasError = true;
            message  = "Fail to connect to database. Please contact to customer service.";
        }
        if (!hasError)
        {
            try
            {
                WebUtils.ValidateUser(mainDBConn, Username.Text, HROne.CommonLib.Hash.PasswordHash(Password.Text), true, true, out user);
            }
            catch (Exception ex)
            {
                hasError = true;
                message  = ex.Message;
            }
            // Check the database status after login is verified
            if (companyDB != null && !hasError)
            {
                if (!companyDB.CompanyDBIsActive)
                {
                    hasError = true;
                    message  = "Subscribed service has been expired; please contact customer service hotline for assistant.";
                }
            }

            if (!hasError)
            {
                //  Create Login Audit for successfully login
                HROne.Lib.Entities.ELoginAudit.CreateLoginAudit(mainDBConn, user.UserID, Username.Text, Request, AppUtils.ServerDateTime(), false, string.Empty);
                Session["LoginID"]           = user.LoginID;
                Session["PasswordEncrypted"] = user.UserPassword;
                if (companyDB != null)
                {
                    Session["CompanyDBID"] = companyDB.CompanyDBID;
                }

                if (mainDBConn is HROne.DataAccess.DatabaseConnectionWithAudit)
                {
                    ((HROne.DataAccess.DatabaseConnectionWithAudit)mainDBConn).UserID = user.UserID;
                }
                WebUtils.SetSessionLanguage(Session, user);

                //WebUtils.RefreshPermission(Session);
                bool isForceChangePassword = false;

                if (user.UserChangePasswordUnit == "D")
                {
                    if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddDays(user.UserChangePasswordPeriod))
                    {
                        isForceChangePassword = false;
                    }
                    else
                    {
                        isForceChangePassword = true;
                    }
                }
                else if (user.UserChangePasswordUnit == "M")
                {
                    if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddMonths(user.UserChangePasswordPeriod))
                    {
                        isForceChangePassword = false;
                    }
                    else
                    {
                        isForceChangePassword = true;
                    }
                }
                else if (user.UserChangePasswordUnit == "Y")
                {
                    if (AppUtils.ServerDateTime() < user.UserChangePasswordDate.AddYears(user.UserChangePasswordPeriod))
                    {
                        isForceChangePassword = false;
                    }
                    else
                    {
                        isForceChangePassword = true;
                    }
                }
                else
                {
                    isForceChangePassword = false;
                }
                if (user.UserChangePassword)
                {
                    isForceChangePassword = true;
                }

                //EInbox.GenerateInboxMessage(user.UserID);
                if (isForceChangePassword)
                {
                    Session["ForceChangePassword"] = true;
                }

                WebUtils.SetSessionLanguage(Session, WebUtils.GetCurUser(Session));
                //RegenerateSessionId();
                HROne.Lib.Entities.EInbox.DeleteAllDeletedUserID(mainDBConn);
                HROne.Common.WebUtility.RedirectURLwithEncryptedQueryString(Response, Session, "~/Default.aspx?LastURL=" + DecryptedRequest["LastURL"]);
            }
        }
        //  Remove all item for release session
        Session.Clear();
        Request.Cookies.Remove(HROne.Common.WebUtility.getDefaultSessionCookieName());
        //if (companyDB != null)
        //{
        //    Session.Remove("DatabaseConnection");
        //}
        {
            //  Create Login Audit for fail login
            if (user != null)
            {
                HROne.Lib.Entities.ELoginAudit.CreateLoginAudit(mainDBConn, user.UserID, Username.Text, Request, AppUtils.ServerDateTime(), true, message);
            }
            else
            {
                HROne.Lib.Entities.ELoginAudit.CreateLoginAudit(mainDBConn, 0, Username.Text, Request, AppUtils.ServerDateTime(), true, message);
            }

            message = message.Replace("\\", "\\\\").Replace("\r", "\\r").Replace("\n", "\\n").Replace("\"", "\\\"");
            message = message.Replace(HROne.Common.WebUtility.GetLocalizedString("validate.prompt"), "");
            ScriptManager.RegisterStartupScript(this, this.GetType(), "errorMessage", "alert(\"" + message + "\");", true);
            System.Threading.Thread.Sleep(1000);
        }
    }